diff --git a/scripts/http-brute.nse b/scripts/http-brute.nse
index 4b2693fd2..e98d7ba48 100644
--- a/scripts/http-brute.nse
+++ b/scripts/http-brute.nse
@@ -68,12 +68,10 @@ Driver = {
 -- incorrectly tells us that the authentication was successfull
 local response = http.generic_request( self.host, self.port, self.method, self.path, { auth = { username = username, password = password }, no_cache = true })
- -- We should probably do more tests here, 500 error and redirects
- -- should be possible candidates. checking for ~= 401 *should* work to
+ -- Checking for ~= 401 *should* work to
 -- but gave me a number of false positives last time I tried.
- -- After Davids initial review we decided to change it to not 4xx and
- -- not 5xx. That would roughly equal the following:
- if ( response.status < 400 or response.status > 599 ) then
+ -- We decided to change it to ~= 4xx.
+ if ( response.status < 400 or response.status > 499 ) then
 if ( not( nmap.registry['credentials'] ) ) then
 nmap.registry['credentials'] = {}
 end
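Review bot: With the new test `response.status < 400 or response.status > 499`, any 5xx answer is recorded as a valid credential pair, so a server that starts returning 500 or 503 part-way through a run would presumably put false positives into `nmap.registry['credentials']`. The rewritten comment drops the earlier reasoning without giving a new one; it should say why 5xx now counts as success, for example `-- 5xx is treated as success because <reason>; only 4xx is taken as a rejected login`, and "work to" should read "work too". Separately, nothing visible between the `http.generic_request` call and this test checks that `response.status` is set. If the http library leaves it nil on a failed request, the comparison raises a Lua error, which `if ( response.status and ( response.status < 400 or response.status > 499 ) ) then` would avoid. The enclosing Driver method starts and ends outside this hunk, so a guard may exist elsewhere.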